Vulnerability Details CVE-2024-58287
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.9%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-58287
-
cpe:2.3:a:yogeshojha:rengine:2.2.0